﻿@{
    // Set the layout page and page title
    Layout = "~/Shared/_SiteLayout.cshtml";
    Page.Title = "Forget Your Password?";

    bool passwordSent = false;
    bool isValid = true;
    var errorMessage = "";
    var emailError = "";
    var disabledAttribute = "";
    var resetToken = "";
    var email = Request.Form["email"] ?? Request.QueryString["email"];

    if (IsPost)
    {
        // validate email
        if (email.IsEmpty() || !email.Contains("@"))
        {
            emailError = "Please enter a valid email";
            isValid = false;
        }
        if (isValid)
        {
            if (SiteSecurity.GetUserId(email)> -1 && SiteSecurity.IsConfirmed(email))
            {
                resetToken = SiteSecurity.GeneratePasswordResetToken(email); //Optionally specify an expiration date for the token
            }
            else
            {
                passwordSent = true; // We don't want to disclose that the user does not exist.
                isValid = false;
            }
        }
        if (isValid)
        {
            var hostUrl = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
            var resetUrl = hostUrl + VirtualPathUtility.ToAbsolute("~/Account/PasswordReset?resetToken=" + HttpUtility.UrlEncode(resetToken));
            WebMail.Send(
                to: email,
                subject: "Please reset your password",
                body: "Use this password reset token to reset your password. The token is: " + resetToken + @". Visit <a href=""" + resetUrl + @""">" + resetUrl + "</a> to reset your password."
            );
            passwordSent = true;
            disabledAttribute = @"disabled=""disabled""";
        }
    }
}
<form method="post" action="">
<fieldset>
    <legend>Password Reset Instructions Form</legend>
    @if (!WebMail.SmtpServer.IsEmpty())
    {
        <p>
            We will send password reset instructions to the email address associated with your
            account.
        </p>
        if (passwordSent)
        {
        <p class="message success">
            Instructions to reset your password have been sent to the specified email address.
        </p>
        }
        if (!errorMessage.IsEmpty())
        {
        <p class="message error">
            @errorMessage
        </p>
        }
        <ol>
            <li class="email">
                <label for="email">
                    Email Address</label>
                <input type="text" id="email" name="email" title="Email address" value="@email" @disabledAttribute @if (!emailError.IsEmpty())
                                                                                                                   {<text>class="error-field"</text>} />
                @if (!emailError.IsEmpty())
                {
                    <label class="validation-error">@emailError</label>
                }
            </li>
        </ol>
        <p class="form-actions">
            <input type="submit" value="Send Instructions" @disabledAttribute />
        </p>
    }
    else
    {
        <p class="message info">
            Password recovery is disabled for this website because the SMTP server is not configured
            correctly. Please contact the owner of this site to reset your password.
        </p>
    }
</fieldset>
</form>